Wednesday, April 9, 2014

Building a Decoder for the CVE-2014-0502 Shellcode

Yesterday on the Volatility Labs blog I published a post on analyzing some interesting shellcode from a recent attack campaign and 0day exploit. The shellcode was encrypted multiple times and required full static reversing before revealing the algorithm needed to decrypt the backdoor URL. I think you will like it: